| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20140820065914.GA11546@kernel> Date: Wed, 20 Aug 2014 14:59:14 +0800 From: Wanpeng Li <wanpeng.li@...ux.intel.com> To: Paolo Bonzini <pbonzini@...hat.com> Cc: Jan Kiszka <jan.kiszka@...mens.com>, Marcelo Tosatti <mtosatti@...hat.com>, Gleb Natapov <gleb@...nel.org>, Bandan Das <bsd@...hat.com>, Zhang Yang <yang.z.zhang@...el.com>, kvm@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH v4] KVM: nVMX: nested TPR shadow/threshold emulation Hi Paolo, On Tue, Aug 19, 2014 at 10:34:20AM +0200, Paolo Bonzini wrote: >Il 19/08/2014 10:30, Wanpeng Li ha scritto: >> + if (vmx->nested.virtual_apic_page) >> + nested_release_page(vmx->nested.virtual_apic_page); >> + vmx->nested.virtual_apic_page = >> + nested_get_page(vcpu, vmcs12->virtual_apic_page_addr); >> + if (!vmx->nested.virtual_apic_page) >> + exec_control &= >> + ~CPU_BASED_TPR_SHADOW; >> + else >> + vmcs_write64(VIRTUAL_APIC_PAGE_ADDR, >> + page_to_phys(vmx->nested.virtual_apic_page)); >> + >> + /* >> + * If CR8 load exits are enabled, CR8 store exits are enabled, >> + * and virtualize APIC access is disabled, the processor would >> + * never notice. Doing it unconditionally is not correct, but >> + * it is the simplest thing. >> + */ >> + if (!(exec_control & CPU_BASED_TPR_SHADOW) && >> + !((exec_control & CPU_BASED_CR8_LOAD_EXITING) && >> + (exec_control & CPU_BASED_CR8_STORE_EXITING))) >> + nested_vmx_failValid(vcpu, VMXERR_ENTRY_INVALID_CONTROL_FIELD); >> + > >You aren't checking "virtualize APIC access" here, but the comment >mentions it. > >As the comment says, failing the entry unconditionally could be the >simplest thing, which means moving the nested_vmx_failValid call inside >the "if (!vmx->nested.virtual_apic_page)". > >If you want to check all of CR8_LOAD/CR8_STORE/VIRTUALIZE_APIC_ACCESS, >please mention in the comment that failing the vm entry is _not_ what >the processor does but it's basically the only possibility we have. In >that case, I would also place the "if" within the "if >(!vmx->nested.virtual_apic_page)": it also simplifies the condition >because you don't have to check CPU_BASED_TPR_SHADOW anymore. > >You can send v5 with these changes, and I'll apply it for 3.18. Thanks! > Do you mean this? + /* + * Failing the vm entry is _not_ what the processor does + * but it's basically the only possibility we have. + */ + if (!vmx->nested.virtual_apic_page) + nested_vmx_failValid(vcpu, VMXERR_ENTRY_INVALID_CONTROL_FIELD); Regards, Wanpeng Li >Paolo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists